From a5c1a3b774fc5200e32548d7fa8a16ae4c976247 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Thu, 22 Jun 2023 14:51:28 +0200
Subject: [PATCH] MINOR: quic: Reduce the maximum length of TLS secrets

The maximum length of the secrets derived by the TLS stack is 384 bits. This reduces the size of the objects provided by the "quic_tls_secret" pool by 16 bytes. Should be backported as far as 2.6
---
 include/haproxy/quic_tls-t.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/haproxy/quic_tls-t.h b/include/haproxy/quic_tls-t.h
index 71f8932fd..b13e4f8bc 100644
--- a/include/haproxy/quic_tls-t.h
+++ b/include/haproxy/quic_tls-t.h
@@ -44,7 +44,7 @@
 /* AEAD iv and secrete key lengths */
 #define QUIC_TLS_IV_LEN 12 /* bytes */
 #define QUIC_TLS_KEY_LEN 32 /* bytes */
-#define QUIC_TLS_SECRET_LEN 64 /* bytes */
+#define QUIC_TLS_SECRET_LEN 48 /* bytes */
 /* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tags */
 #define QUIC_TLS_TAG_LEN 16 /* bytes */
 
-- 
2.47.3
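Review bot: The new `QUIC_TLS_SECRET_LEN 48` leaves no slack above the 384-bit maximum named in the commit message, so every place that copies a secret handed over by the TLS stack into a "quic_tls_secret" pool object must reject a length above this macro before copying. Those call sites are outside this hunk, so this needs confirming on each branch targeted for backport; if any of them relied on the old 64-byte headroom rather than an explicit check, a longer secret would now write past the pool object. The reason for 48 is recorded only in the commit message, so I would put it beside the define, for example `#define QUIC_TLS_SECRET_LEN 48 /* bytes: longest secret derived by the TLS stack (384 bits) */`. A length check at the point where the secret is stored would also make any future ciphersuite with a longer hash fail cleanly.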